1 PACKAGES += cifs-utils libpam-mount libpam-script lightdm nis nscd samba-common-bin usermode libnss-nis
4 nis_server := nismaster
7 nis_domain := ${nis_server}
10 smb_server := ${nis_server}
15 nis nis/domain string ${nis_domain}
18 export smb_nis_pamscript smb_nis_pammount
20 define smb_nis_pamscript :=
23 # forced through bash, to hide euid from smbpasswd
25 printf "%s\n" "$$PAM_OLDAUTHTOK" "$$PAM_AUTHTOK" "$$PAM_AUTHTOK" \
26 | smbpasswd -sr ${smb_server} -U "$$PAM_USER"
33 define smb_nis_pammount :=
34 <pam_mount> <debug enable="0" />
35 <!-- Volume definitions -->
36 <volume options="vers=1.0,user=%(USER)" fstype="cifs" server="${smb_server}" path="%(USER)" mountpoint="~" />
37 <mntoptions require="nosuid,nodev" />
38 <logout wait="0" hup="no" term="no" kill="no" />
39 <mkmountpoint enable="1" remove="true" />
44 .PHONY: _smb_nis _ypbind
45 _config: _smb_nis _ypbind
47 _smb_nis: ${CFGROOT}/opt/pam_script/pam_script_passwd ${CFGROOT}/etc/security/pam_mount.conf.xml
48 _smb_nis: ${CFGROOT}/etc/yp.conf ${CFGROOT}/etc/defaultdomain ${CFGROOT}/etc/default/nis
51 sed -Ei 's;^(passwd:|group:|shadow:|gshadow:).*$$;\1 files nis;' $${CFGROOT}/etc/nsswitch.conf
52 sed -Ei '/pam_(script|mount).so/d' $${CFGROOT}/etc/pam.d/common-*
53 printf '\nauth required pam_mount.so\n' >>$${CFGROOT}/etc/pam.d/common-auth
54 printf '\nsession optional pam_mount.so\n' >>$${CFGROOT}/etc/pam.d/common-session
55 printf '\npassword required pam_script.so dir=/opt/pam_script\n' >$${CFGROOT}/etc/pam.d/common-password
58 chroot "$<" systemctl enable ypbind
60 ${CFGROOT}/opt/pam_script/pam_script_passwd: ${CFGROOT} .FORCE
62 printf '%s' "$${smb_nis_pamscript}" >"$@"
65 ${CFGROOT}/etc/security/pam_mount.conf.xml: ${CFGROOT} .FORCE
67 printf '%s' "$${smb_nis_pammount}" >"$@"
69 ${CFGROOT}/etc/yp.conf: ${CFGROOT} .FORCE
70 printf 'ypserver %s\n' "${nis_server}" >"$@"
72 ${CFGROOT}/etc/defaultdomain: ${CFGROOT} .FORCE
73 printf '%s\n' "${nis_domain}" >"$@"
74 printf 'kernel.domainname = %s\n' "${nis_domain}" >"${CFGROOT}/etc/sysctl.d/10-domainname.conf"
76 ${CFGROOT}/etc/default/nis: ${CFGROOT} .FORCE
77 printf '%s\n' "NISSERVER=false" "NISCLIENT=true" "YPPWDDIR=/etc" "NISMASTER=${nis_server}" >"$@"